1N/A/*global security, properties, openidm */
1N/A
1N/A
1N/A/**
1N/A * This context population script is called when the managed user auth module was used
1N/A * to successfully authenticate a user
1N/A *
1N/A * global properties - auth module-specific properties from authentication.json for the
1N/A * managed user auth module
1N/A *
1N/A * {
1N/A * "propertyMapping": {
1N/A * "userRoles": "roles",
1N/A * "userCredential": "password",
1N/A * "userId": "_id"
1N/A * },
1N/A * "authnPopulateContextScript": "auth/managedPopulateContext.js",
1N/A * "defaultUserRoles": [ ]
1N/A * }
1N/A *
1N/A * global security - map of security context details as have been determined thus far
1N/A *
1N/A * {
1N/A * "authorization": {
1N/A * "id": "jsmith",
1N/A * "component": "managed/user",
1N/A * "roles": [ "openidm-authorized" ]
1N/A * },
1N/A * "authenticationId": "jsmith",
1N/A * }
1N/A */
1N/A
(function () {

    var _ = require("lib/lodash"),
        rolesProperty,
        user,
        grantedRoles;

    /*
     * Resolve a relationship entry's _ref into a Java ResourcePath.
     * Invoked lazily from the filter/map callbacks below, so the Java
     * lookup only happens once a user record has actually been read.
     */
    function refPath(relationship) {
        return org.forgerock.json.resource.ResourcePath.valueOf(relationship._ref);
    }

    /*
     * Only references under repo/internal/role are accepted as role grants;
     * any other relationship target in the property is ignored.
     */
    function isInternalRoleRef(relationship) {
        return refPath(relationship).startsWith("repo/internal/role");
    }

    /*
     * The last path element of the reference is used as the role name.
     * Concatenating "" turns the Java String returned by leaf() into a JS string.
     */
    function roleName(relationship) {
        return refPath(relationship).leaf() + "";
    }

    // Without a userRoles mapping there is no property to derive roles from:
    // refuse to continue rather than silently granting nothing.
    if (!_.has(properties.propertyMapping, 'userRoles')) {
        throw {
            "code" : 500,
            "message" : "Authentication not properly configured; missing userRoles propertyMapping entry"
        };
    }

    rolesProperty = properties.propertyMapping.userRoles;

    // Re-read the authenticated user, explicitly requesting the relationship
    // property alongside "*" so it is expanded in the result.
    user = openidm.read(security.authorization.component + "/" + security.authorization.id, { }, [ "*", rolesProperty ]);

    if (!user || !_.has(user, rolesProperty)) {
        throw {
            "code" : 401,
            "message" : "Unable to find property " + rolesProperty + " for user"
        };
    }

    grantedRoles = _.map(_.filter(user[rolesProperty], isInternalRoleRef), roleName);

    // security.authorization is rebuilt from scratch: id and component are kept,
    // and the roles list is exactly the derived list above. Roles that were in
    // security.authorization before this script ran are not carried forward.
    security.authorization = {
        'id': security.authorization.id,
        'component': security.authorization.component,
        'roles': grantedRoles
    };

    return security;
}());
1N/A